Subject: Re: yppasswd fix (please review)
To: None <hubert.feyrer@informatik.fh-regensburg.de>
From: David Brownlee <abs@netbsd.org>
List: tech-userlevel
Date: 12/10/1999 18:36:01
Just a thought - does this still work if you run an insecure yp
(because of non NetBSD machines), and particularly against a non
NetBSD yp server...
David/absolute
On Fri, 10 Dec 1999, Hubert Feyrer wrote:
>
> Hello,
>
> it seems that yppasswd(1) was broken when we got changes to remove
> encrypted passwords from the passwd.byname NIS table and moved them to
> master.passwd.byname instead. yppasswd(1) still looked in passwd.byname to
> verify the old password, and as that map only has a "*" for the encrypted
> password, this caused attempts to change the password always to be
> rejected. After teaching yppasswd(1) to use master.passwd.byname, some
> minor adjustment for the different file format was necessary.
>
> I'd like to commit this soonish, but would appreciate if anyone could
> review this. I've tested this on a 1.4.1/i386 server and both 1.4.1/i386
> and 1.4.1/sparc clients.
>
> This problem was pointed out to me by David Koronczay <fu@ludens.elte.hu>
> on IRC. From a quick code inspection, this bug is also present in OpenBSD
> (hi Theo :-), I'm not sure about FreeBSD.
>
>
> - Hubert
>
> --
> NetBSD - Better for your uptime than Viagra
>
>
>
> Index: yp_passwd.c
> ===================================================================
> RCS file: /cvsroot/basesrc/usr.bin/passwd/yp_passwd.c,v
> retrieving revision 1.20
> diff -u -r1.20 yp_passwd.c
> --- yp_passwd.c 1999/08/16 03:02:46 1.20
> +++ yp_passwd.c 1999/12/10 16:41:57
> @@ -300,6 +300,9 @@
> pwent->pw_passwd = p;
> p = pwskip(p);
> pwent->pw_uid = (uid_t)strtoul(p, NULL, 10);
> + p = pwskip(p); /* skip class */
> + p = pwskip(p); /* skip change */
> + p = pwskip(p); /* skip expire */
> p = pwskip(p);
> pwent->pw_gid = (gid_t)strtoul(p, NULL, 10);
> p = pwskip(p);
> @@ -324,7 +327,7 @@
> int reason, vallen;
>
> val = NULL;
> - reason = yp_match(domain, "passwd.byname", nam, strlen(nam),
> + reason = yp_match(domain, "master.passwd.byname", nam, strlen(nam),
> &val, &vallen);
> if (reason != 0) {
> if (val != NULL)
>
>